It is session based.
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
nima chavooshi <nima0...
Before anything, thanks a lot for your efforts and announcement.
I want to know about running multiple instances of Snort. When you run multiple instances:
1- How do you load balance input traffic to Snort instances?
2- Which method do you use for load balancing, packet based or session based? Because if you have selected packet based, it means this way is not sufficient for connection-based protocols such as TCP. Or if you selected a session-based mechanism, how do you do this on multiple Snort instances?
Thanks in advance for more help or guidance.
On Sat, Sep 17, 2011 at 5:15 AM, livio <lricciu...
What does Soft IPS mean?
o Today Inline Intrusion Protection can be implemented entirely in
software. A $1000 off-the-shelf server with two (three is recommended)
NICs can handle 800 Mbit/s of inline, stateful, deep-packet
inspection with thousands of rules. There is no need for specialized
hardware. We offer this both in our product and as an open source
library to be integrated in your own Snort IPS system. Check it out!
o Sometimes placing a network appliance inline is not desirable or
impractical. Soft IPS technology implemented in our free sensors lets
you block unwanted traffic also in passive mode. This works by
injecting spoofed TCP packets into the network to disrupt unwanted
communications. This idea (also employed by the Great Firewall of
China) has been coupled with a sophisticated algorithm that will
safely predict what traffic to block based on the communication
patterns observed by the Soft IPS. We can block Torrents!
o Not all networks are the same. Drawing a hard line in the sand on
what to allow and what to block is primitive. Soft IPS in this context
means that drop rules should be eased into a network after evidence of
misuse (or high ranking). Drop rules should be managed just like
firewall rules. We allow full, secure customization of the drop
policies with a few simple clicks (whether you deploy inline or not)
using a browser from wherever you might be.
If you want to manage your alerts and reporting on your own, it is
totally free! You just need some hardware.
If you also want to use our event management and reporting it costs
$99/month and you get to try it for free for 14 days.
Try it by registering at nsm.metaflows.com
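
The packet-based versus session-based distinction raised in this thread, as an added example (not code from the thread or from MetaFlows): a direction-independent flow hash keeps both halves of a TCP connection on one Snort instance, while per-packet round-robin splits it. The function names, the instance count of 4 and the sample packets are assumptions constructed for illustration.

```python
import hashlib
import ipaddress

# Constructed sample: two TCP flows, both directions, interleaved.
# Tuple layout (assumed): src_ip, src_port, dst_ip, dst_port, ip_proto
PACKETS = [
    ("10.0.0.5", 40000, "192.0.2.10", 80, 6),
    ("10.0.0.6", 40001, "192.0.2.10", 80, 6),
    ("192.0.2.10", 80, "10.0.0.5", 40000, 6),
    ("192.0.2.10", 80, "10.0.0.6", 40001, 6),
    ("10.0.0.5", 40000, "192.0.2.10", 80, 6),
    ("10.0.0.6", 40001, "192.0.2.10", 80, 6),
]

def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent key: sort the endpoints so A->B equals B->A."""
    a = (ipaddress.ip_address(src_ip).packed, src_port)
    b = (ipaddress.ip_address(dst_ip).packed, dst_port)
    lo, hi = sorted((a, b))
    return (lo[0] + lo[1].to_bytes(2, "big") +
            hi[0] + hi[1].to_bytes(2, "big") + bytes([proto]))

def session_based(pkt, n_instances):
    """Pick an instance from a hash of the symmetric flow key."""
    digest = hashlib.sha256(flow_key(*pkt)).digest()
    return int.from_bytes(digest[:8], "big") % n_instances

def packet_based(packets, n_instances):
    """Round-robin: each packet goes to the next instance, ignoring flows."""
    return [i % n_instances for i, _ in enumerate(packets)]

def instances_per_flow(packets, assignment):
    """Map each flow to the set of instances that saw any of its packets."""
    seen = {}
    for pkt, inst in zip(packets, assignment):
        seen.setdefault(flow_key(*pkt), set()).add(inst)
    return seen

if __name__ == "__main__":
    n = 4  # assumed number of Snort instances
    sess = [session_based(p, n) for p in PACKETS]
    for name, assign in (("session", sess), ("packet", packet_based(PACKETS, n))):
        for key, insts in instances_per_flow(PACKETS, assign).items():
            # More than one instance means no single Snort sees the whole stream.
            print(name, key.hex(), sorted(insts))
```

A flow that lands on more than one instance cannot be reassembled by any of them, which is why stream-dependent rules need the session-based assignment.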